Emulating RBAC using FIM Service and Portal

Hi!
I am trying to create a simple RBAC using the standard objects of FIM Service. So I am associating the type "Set" with a role, extending it with a multivalued reference attribute "ListOfPermissions". I want to achieve the following behavior: when a user dynamically
joins the set, the MPR executes a custom workflow that adds this user to the members of the corresponding permission object. Rather simple, BUT is there a way not to specify an MPR for every set manually, but to specify it once with logic like the following: when someone
joins any set with the IsRole flag set to 1, the MPR is executed, etc., as described above? The straightforward methods have not yielded results.
I need some help, thanks in advance!

is there a way (...) to specify it once with logic like the following: when someone joins any set with the IsRole flag set to 1, the MPR is executed, etc., as described above?
Yes, there is: you have to create a Set that has the members of the other sets inside it. Let's call it the "Master Set". Then you can create an MPR that runs a MasterWorkflow after entering the Master Set.
But here is the tricky part: if you have multiple sets with the IsRole flag and each set gives a different role assignment, in the workflow you have to check where the user belongs (to which set) and calculate his membership based on that.
So I am not really sure it would be easier. Even if it would look cleaner in the FIM Portal, it would be harder to check what went wrong in case of a failure. And it would be harder to add new roles/sets, as you would have to rebuild such a workflow.
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.
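The Master Set plus MasterWorkflow design from the answer, modelled as an added example (this is not FIM code and not the poster's own): RoleSet, Permission and the sample data are constructed stand-ins for a Set with its IsRole flag and ListOfPermissions attribute and for the permission objects the workflow manages. The reconcile step computes revocations as well as grants, because a workflow that only fires when a user joins a set never takes a permission away when the user later leaves the role set.

```python
from dataclasses import dataclass, field

@dataclass
class RoleSet:
    """A FIM Set extended as in the thread: IsRole flag + ListOfPermissions."""
    name: str
    is_role: bool
    list_of_permissions: frozenset = frozenset()   # names of Permission objects
    members: set = field(default_factory=set)      # computed (dynamic) members

@dataclass
class Permission:
    """Constructed permission object whose explicit members the workflow manages."""
    name: str
    explicit_members: set = field(default_factory=set)

def master_set_members(sets):
    """'Master Set' from the answer: everyone who is in at least one IsRole set.
    One MPR on this set replaces one MPR per role set."""
    return set().union(*(s.members for s in sets if s.is_role))

def entitled_permissions(user, sets):
    """Union of ListOfPermissions over the IsRole sets the user currently belongs
    to; this is the 'check where the user belongs' step of the MasterWorkflow."""
    return {p for s in sets if s.is_role and user in s.members
              for p in s.list_of_permissions}

def reconcile(user, sets, permissions):
    """Diff entitled vs. held and return (to_add, to_remove). Computing removals
    too means a user who leaves a role set loses its permissions instead of
    keeping them forever, which an MPR that only fires on join would allow."""
    wanted = entitled_permissions(user, sets)
    held = {name for name, p in permissions.items() if user in p.explicit_members}
    return wanted - held, held - wanted

def apply_changes(user, sets, permissions):
    """Apply the diff and return it, so every change can be logged per user."""
    to_add, to_remove = reconcile(user, sets, permissions)
    for name in to_add:
        permissions[name].explicit_members.add(user)
    for name in to_remove:
        permissions[name].explicit_members.discard(user)
    return to_add, to_remove

def build_sample():
    """Constructed sample data, not taken from any real FIM environment."""
    sets = [
        RoleSet("HR-Role", True, frozenset({"ReadHRData", "ApprovePTO"}),
                {"alice", "bob"}),
        RoleSet("Finance-Role", True, frozenset({"ReadLedger"}), {"bob"}),
        # Not flagged IsRole: its members must not pull anything in.
        RoleSet("All-Employees", False, frozenset({"ReadHRData"}),
                {"alice", "bob", "carol"}),
    ]
    permissions = {
        "ReadHRData": Permission("ReadHRData", {"alice"}),
        "ApprovePTO": Permission("ApprovePTO"),
        "ReadLedger": Permission("ReadLedger", {"alice"}),   # stale grant
    }
    return sets, permissions

if __name__ == "__main__":
    sets, permissions = build_sample()
    for user in sorted(master_set_members(sets)):
        print(user, apply_changes(user, sets, permissions))
```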

Similar Messages

  • FIM Service and Portal Installation Ends Prematurely

    Hello All,
    I'm in the process of setting up a new production FIM 2010 R2 server. I have already installed the FIM Synchronization Service, and I was able to install this successfully.
    I have also installed SharePoint services (WSS 3.0) and configured it for FIM. But when I try to install the FIM Service and Portal,
    I keep getting an error that says "FIM Service and Portal Installation Ends Prematurely" with no other details. If anybody has any advice, please let me know.
    I have already installed everything on a stand-alone box in a dev environment and it all works correctly; however, I am now unable to install in a production environment.

    Cameron is right - you should consider the FIMService account nearly as a normal AD account for a user*.
    The installer account should be an admin on the box where you are installing FIMService, and should be sysadmin on SQL during the installation of FIMService. The installer account should be different from the FIMService account itself.
    *FIMService account:
    Lock down the Service Account
    The service account should not be used by any other services or users. The account must not be used to log on interactively and requires no access to any additional resources beyond those granted during setup. The service account is used to provide the security context for the MIIS service as it accesses resources on the MIIS server and the associated database. It also provides the security context for the execution of any rules extensions.
    Lock down the service account to ensure no malicious user is able to sign in using its credentials and gain access to MIIS data. Configure Group Policies to lock down the account and restrict access to this account. Since the MIIS service only needs the account to run as a service, restrict the account as follows:
    Deny logon as a batch job.
    Deny logon locally.
    Deny logon through Terminal Services.
    Deny access to this computer from the network.
    Good topic for a Wiki article:
    http://social.technet.microsoft.com/wiki/contents/articles/23330.technet-guru-contributions-for-march.aspx
    Thanks Dominic and Jose!
    Ed Price, Power BI & SQL Server Customer Program Manager

  • NLB for Two FIM Service and portal servers in single domain

    Hi,
    I am currently working on a FIM project in which I need to install two FIM Service and Portal servers in a single domain.
    The customer wants to open the FIM Portal with a common URL for both servers.
    I only know that we need to do NLB between IIS on both servers. Can anyone provide help on how we can achieve this?
    Any help would be really appreciated.
    Thanks,

    Actually - just configure NLB and make sure that your SharePoint site collection handles access mapping for this common name. Best would be to create it with this name as the site name from the start.
    Same for the service - configure all nodes to use the same service name and configure NLB.
    Here is a blog post which should help with the details:
    http://blogs.msdn.com/b/agileer/archive/2011/06/28/setting-up-an-nlb-cluster-for-a-fim-portal-web-service.aspx
    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

  • Error installing FIM Service and Portal R2

    Trying to make a test FIM R2 installation, I get this error when I install the Service and Portal:
    Action ended 14:41:10: CheckServiceEmailAccountFormat. Return value 1.
    MSI (s) (68:BC) [14:41:10:973]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIE17.tmp, Entrypoint: IsSharepointAdminServiceRunning
    Action start 14:41:10: CheckSharepointAdminServiceRunning.
    SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIE17.tmp-\
    SFXCA: Binding to CLR version v2.0.50727
    Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning
    Exception thrown by custom action:
    System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
       at Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning(Session session)
       --- End of inner exception stack trace ---
       at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
       at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
    CustomAction CheckSharepointAdminServiceRunning returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 14:41:11: CheckSharepointAdminServiceRunning. Return value 3.
    Action ended 14:41:11: INSTALL. Return value 3.
    I got this by running the msi from the command line, as otherwise no error message is reported in the installation or in the event log.
    Any idea what could be the cause?
    Paolo Tedesco - http://cern.ch/idm

    Hi Paolo,
    Check if the SharePoint Administration Service is not running; if so, start the service:
    http://technet.microsoft.com/en-us/library/ee513050(v=office.14).aspx
    Regards Andre van der Westhuizen

  • MIM PAM - Service and Portal Install Error

    Guys,
    I'm having an issue deploying MIM Service and Portal.
    I have downloaded the MIM CTP from Microsoft Connect and am following the MIM CTP test lab guide for PAM.
    I'm on page 25/26, trying to launch the Service and Portal msi to install. When I launch the setup as the
    administrator I get the following error.
    When I enabled msiexec logs, the only error I see is shown below. Any ideas?
    Any ideas appreciated...

    On Mon, 17 Nov 2014 08:07:14 +0000, Sameera_man wrote:
    I'm having an issue deploying MIM Service and Portal. 
    I have downloaded the MIM CTP from the Microsoft Connect and following the MIM CTP test lab guide for PAM. 
    I'm on page 25/26 trying to launch the Service and Portal msi to install. When I launch the setup as the 
    administrator I get the following error.
    <https://social.technet.microsoft.com/Forums/getfile/567822>
    When I enabled msiexec logs, the only error I see is shown below. Any ideas?
    Have you filed a bug on Connect? That is the preferred support method for
    the CTP.
    Paul Adare - FIM CM MVP
    Q. how many hackers does it take to screw in a light bulb?
    A. Huh?...What? Oh, it's dark in here?

  • Error Installing Service and portal of MIM Public Preview

    I am trying to install the Public Preview. Right at the beginning of the setup procedure for the Service and Portal, the setup stops with the error below.
    Thanks for your help.
    Henry
    MSI (c) (70!D0) [08:55:53:380]: Creating MSIHANDLE (5) of type 790531 for thread 5840
    Calling custom action Microsoft.IdentityManagement.PasswordResetCAs!Microsoft.IdentityManagement.ManagedCustomActions.PasswordResetCustomActions.GetIISVersion
    MSI (c) (70!D0) [08:55:53:411]: Closing MSIHANDLE (5) of type 790531 for thread 5840
    MSI (c) (70!D0) [08:55:53:426]: Creating MSIHANDLE (6) of type 790531 for thread 5840
    Error: could not load custom action class Microsoft.IdentityManagement.ManagedCustomActions.PasswordResetCustomActions from assembly: Microsoft.IdentityManagement.PasswordResetCAs
    MSI (c) (70!D0) [08:55:53:426]: Closing MSIHANDLE (6) of type 790531 for thread 5840
    MSI (c) (70!D0) [08:55:53:426]: Creating MSIHANDLE (7) of type 790531 for thread 5840
    System.IO.FileLoadException: Could not load file or assembly 'Microsoft.IdentityManagement.PasswordResetCAs, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A)
    File name: 'Microsoft.IdentityManagement.PasswordResetCAs, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' ---> System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A)
    The Zone of the assembly that failed was:
    MyComputer
       at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
       at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
       at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
       at System.AppDomain.Load(String assemblyString)
       at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.GetCustomActionMethod(Session session, String assemblyName, String className, String methodName)
    MSI (c) (70!D0) [08:55:53:426]: Closing MSIHANDLE (7) of type 790531 for thread 5840
    CustomAction GetIISVersionFromRegistry returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (c) (70:9C) [08:55:53:442]: Closing MSIHANDLE (2) of type 790542 for thread 5144
    Action ended 8:55:53: GetIISVersionFromRegistry. Return value 3.
    Action 8:55:53: FatalError.
    Action start 8:55:53: FatalError.
    Action 8:55:53: FatalError. Dialog created
    Action ended 8:55:55: FatalError. Return value 2.
    Action ended 8:55:55: INSTALL. Return value 3.

    On Thu, 8 Jan 2015 09:46:27 +0000, henryschl wrote:
    I found a way to overcome the setup error on my test server. I disabled StrongNameVerification.
    "c:\Install\MIM Preview\MIM PAM and SSPR 1484"\sn.exe -Vr *,31bf3856ad364e35
    Steps 20 and 21 on pages 24 and 25 of the lab guide.
    Paul Adare - FIM CM MVP
    "...the nam-shub of Ousterhout." -- Malcolm Ray about Tcl

  • I lost my iPad 3, using location services and know exactly where there device at.  I called police, they show up at that house

    I lost my iPad 3; using location services, I know exactly where the device is. I called the police, they showed up at that house, and the owner denied that he has it. I even showed the officers on my iPhone where the missing iPad is and sent a message, FaceTime, etc. But the officers said that since the owner doesn't let them go inside the house, they can't help me recover it???!!!
    Are the officers doing enough, or did they not do enough to help me recover my missing iPad?
    Thanks...

    I don't think Apple's Find My [xxx] has been legally tested as constituting probable cause to issue a search warrant by the DA, so the cops can't go in without an invite. You'll need a good lawyer to go in and force new jurisprudence to occur. By which time, the iGadget will be long gone from the place.
    Price to pay for living under the Rule of Law. In shadier parts of the planet, you could get a pack of goons to go in, retrieve the item and pound some common sense into the miscreant.

  • How to authenticate with Sharepoint using rest service and jquery

    Hi ,
    I have a requirement where I need to authenticate with SharePoint from iOS and Android apps using REST services and jQuery.
    Can anyone help me with this?
    Thanks in Advance.
    Regards,
    Srinath 

    Hi,
    According to your post, my understanding is that you want to access SharePoint data from iOS and Android apps.
    The following materials for your reference:
    How can I authenticate SharePoint REST calls from Android App?
    http://stackoverflow.com/questions/24673373/how-can-i-authenticate-sharepoint-rest-calls-from-android-app
    Calling RESTful services from your Android app
    http://www.techrepublic.com/blog/software-engineer/calling-restful-services-from-your-android-app/
    SharePoint 2013 REST API in iOS
    http://omicron-llama.co.uk/2012/12/13/sharepoint-2013-rest-api-in-ios/
    Best Regards
    Dennis Guo
    TechNet Community Support

  • Error Installing FIMService_x64_KB2870703.msp when FIM Service and FIM Portal (SharePoint) are on two different servers!

    I'm trying to install KB2870703; however, I have our servers set up this way:
    Server A: FIM Service & Sync Service
    Server B: SharePoint 2013, Password Reset Portal, Password Registration Portal
    When attempting to install FIMService_x64_KB2870703.msp, it starts and dies almost instantly.
    The errors from the log:
    Action 12:27:15: CheckSharepointAdminServiceRunning.
    Action start 12:27:15: CheckSharepointAdminServiceRunning.
    SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIEE5B.tmp-\
    SFXCA: Binding to CLR version v2.0.50727
    Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning
    Exception thrown by custom action:
    System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
    File name: 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
    File name: 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
    WRN: Assembly binding logging is turned OFF.
    To enable assembly bind failure logging, set the registry value  (DWORD) to 1.
    Note: There is some performance penalty associated with assembly bind failure logging.
    To turn this feature off, remove the registry value .
       at Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning(Session session)
       --- End of inner exception stack trace ---
       at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
       at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
    CustomAction CheckSharepointAdminServiceRunning returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 12:27:15: CheckSharepointAdminServiceRunning. Return value 3.
    Action ended 12:27:15: INSTALL. Return value 3.
    Property(S): Data = C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Data\

    On Wed, 26 Mar 2014 00:15:57 +0000, jmanley WI wrote:
    I installed it on server B. I need to install on server A to update the database schema. My understanding is that having the portal separated from the portal is supported. Is that incorrect?
    You don't mention the FIM Portal at all in your first post.
    Paul Adare - FIM CM MVP
    "The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners" -- Ernst Jan Plugge

  • Web Services and Portal v1

    Can 9iAS Portal v1 support Webservices just like Portal v2 can?

    Yes ... I doubt the PDK samples built in V1 are backwards compatible because V1 used Apache JServ and V2 uses OC4J. I did build a demo for Oracle OpenWorld 2001 that showed this by building a stub in JDeveloper consuming the Web service and then building a portlet using the JPDK that used that Java stub to call a Web service. I did it on 9iAS Portal 1.0.2.2 and it worked fine. Not sure if that's all you're looking for ... I could send you the basic stuff offline but it is a little old and folks familiar with it are probably not so many now. So bear that in mind - [email protected]
    Mike.

  • Portal service and Portal webservice

    Hi Experts,
    Could you please provide the document/blog to create Portal service and to create webservice from Portal webservice?
    Regards
    Sara

    Sara,
    These URLs give you step-by-step instructions with screenshots and tutorials to create a Portal Service as well as to create a Webservice from a Portal Service.
    You are getting the error message because of the restrictions in your Internet Explorer settings. Try using another browser to open the URLs.
    Meanwhile, I shall find a way to get rid of this exception and update you.
    Update:
    1. Copy and paste the given URL in the browser and try to open it.
    2. Change the Internet Explorer security settings:
    Go to Tools -> Internet Options -> Security -> Internet -> Custom level -> Medium
    / Intranet -> Custom level -> Medium-Low.
    This document will be very helpful to you for Webservice access in EP.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b07992b3-b5af-2a10-9886-affcbeccc4c9
    Regards,
    Karthick Eswaran
    Edited by: Karthick Eswaran on May 21, 2008 10:34 AM

  • Which situation we will use Business Service, and Business System?

    Hi SAP XI Professionals,
    Can you please tell me what Business Service and Business System are? When do we need to use a Business Service? What is the difference between B. System and B. Service?
    thank You
    with regards
    jai

    HI,
    Please see the below links
    Differentiate b/w Technical System, Business System and Business Service
    Difference between Business System and Business Service.
    Difference between Business System and Business Service in ID
    Difference between Business System and Business Service
    Business system ans service
    How can I create a Service in the Business System?
    advantage and diff   btw Business service n business system
    Logical system for business service!!!!!!!!!
    Regards
    Chilla..

  • How to maintain messageId when using proxy services and mq??

    Hi
    I am a novice to Oracle Service Bus and am trying a few transformations by configuring proxy services.
    Let me explain the problem I'm facing:
    I have created a business service and a proxy service and configured them in a synchronous way.
    I'm using MQ as the transport protocol, and the message I'm passing and transforming is in XML format.
    These proxy and business services are functioning properly. But at the other end I have created another pair of business and proxy services, which take the request message from the earlier business service and put it into another queue, which is referenced as the response queue by the earlier proxy service.
    My second pair is also working properly. Now the problem is that it is not maintaining the message ID during all the routing,
    and that's why I'm not able to read the response message from the response queue, because of the message ID mismatch.
    Please help!!
    Tell me if I have to change any particular configuration settings to maintain the message ID for my request message throughout the flow.
    Thanks
    Edited by: ChetakCs on Jun 14, 2010 7:19 AM

    Post this in OSB forum:
    SOA Suite

  • Is it possible to download a mail(.eml) from outlook 365 using exchange service and store in database using c#

    Hi All,
    I have an Outlook mail account, e.g. my mail account id is
    [email protected]. Using C# code and Microsoft.Exchange.WebServices,
    I want to download the entire email and save this email in a database. Is it possible? Suggest to me how I can go forward on this; if it is not possible, please suggest some alternative ways to find a solution.
    The reason I want to store this entire mail is that on clicking some button I want to open this mail from the database in .eml format, with attachments if there are any.
    Thank in Advance
    Ravi

    Hello Ravi,
    Try this:
    http://msdn.microsoft.com/en-us/library/office/dn672317(v=exchg.150).aspx#sectionSection2
    With regards,
    Michael | Microsoft Exchange Developer Content
    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • HT5824 upgraded to ios7 on iphone4 now cant use location service and cant open restriction passcode

    I have upgraded my iPhone 4 from iOS 6 to iOS 7. Now I can't use location services. I'm sure I haven't ever put in a restriction passcode, but it won't accept any I put in.
